Re: [squid-users] issue with tcp_outgoing_address and external acl

2015-03-05 Thread Alberto Perez
Thank you Amos, As always you hit it, it worked fine with note acl. I really appreciate your time to support this community, great help today. Thanks a lot God Bless you Alberto On 3/5/15, Amos Jeffries wrote: > On 6/03/2015 10:35 a.m., Alberto Perez wrote: >> Thanks Amos for the link, I un

Re: [squid-users] how to avoid browser finger printing using squid3

2015-03-05 Thread Amos Jeffries
On 6/03/2015 5:11 p.m., vin_krish wrote: > Hi all, > > Can we avoid browser finger printing using squid 3..? Please help > me. Yes and no. But mostly no. Yes in that Squid adds/removes headers for its normal operation and that can be extended to remove or change browser details. No bec

[squid-users] how to avoid browser finger printing using squid3

2015-03-05 Thread vin_krish
Hi all, Can we avoid browser finger printing using squid 3..? Please help me. Regards, krish

Re: [squid-users] When i browse some webpage ( www.ifeng.com) via proxy ( squid.3.5.2) .There are some error info ( Content Encoding Error )

2015-03-05 Thread johnzeng
Hello Amos: Thanks for your reply, and I solved the problem just now; our error config (reply_header_access) caused the problem. When I disable the part via #reply_header_access All deny all, everything is fine. r

Re: [squid-users] When i browse some webpage ( www.ifeng.com) via proxy ( squid.3.5.2) .There are some error info ( Content Encoding Error )

2015-03-05 Thread Amos Jeffries
On 6/03/2015 1:25 p.m., Amos Jeffries wrote: > On 6/03/2015 3:56 a.m., johnzeng wrote: >> >> Hi all : >> >> When i browse some webpage ( www.ifeng.com) via proxy ( squid.3.5.2) , >> >> There are some error info from firefox browser . >> >> if possible , please give some advisement . >> >> -

Re: [squid-users] issue with tcp_outgoing_address and external acl

2015-03-05 Thread Amos Jeffries
On 6/03/2015 10:35 a.m., Alberto Perez wrote: > Thanks Amos for the link, I understand tcp_outgoing_address only > works with fast acl and external acls are slow. > > In order to mitigate this fact and achieve my purpose of share traffic > among two links depending only of username, who can recom

Re: [squid-users] When i browse some webpage ( www.ifeng.com) via proxy ( squid.3.5.2) .There are some error info ( Content Encoding Error )

2015-03-05 Thread Amos Jeffries
On 6/03/2015 3:56 a.m., johnzeng wrote: > > Hi all : > > When i browse some webpage ( www.ifeng.com) via proxy ( squid.3.5.2) , > > There are some error info from firefox browser . > > if possible , please give some advisement . > > --- > > Cont

Re: [squid-users] issue with tcp_outgoing_address and external acl

2015-03-05 Thread Alberto Perez
Thanks Amos for the link, I understand tcp_outgoing_address only works with fast acl and external acls are slow. In order to mitigate this fact and achieve my purpose of share traffic among two links depending only of username, who can recommend me a workaround? I was working in maintaining of IP

[squid-users] Authentication help

2015-03-05 Thread Informatico Neurodesarrollo
Hi list, I am new in the list and I want to solve a problem with the authentication process in the factory that I worked some years ago and in this place I began work with Linux. They use openSuSE 13.2 (64bits) with squid 3.4.4, the specification are: - the authentication is local, Unix users -

Re: [squid-users] squid intercept config

2015-03-05 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yep. I don't see any inconsistencies. 06.03.15 0:14, Monah Baki wrote: > So from my proxy server, everything looks good? > > > > On Thu, Mar 5, 2015 at 1:12 PM, Yuri Voinov > wrote: > > Looks good too. > > Damn. > > Will think. > > Need to ru

Re: [squid-users] squid intercept config

2015-03-05 Thread Monah Baki
So from my proxy server, everything looks good? On Thu, Mar 5, 2015 at 1:12 PM, Yuri Voinov wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Looks good too. > > Damn. > > Will think. > > Need to run some external checks. > > 06.03.15 0:10, Monah Baki wrote: > > root@ISN-PHC-CACHE:/

Re: [squid-users] squid intercept config

2015-03-05 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Looks good too. Damn. Will think. Need to run some external checks. 06.03.15 0:10, Monah Baki wrote: > root@ISN-PHC-CACHE:/home/support # pfctl -s nat No ALTQ support in > kernel ALTQ related functions disabled rdr pass inet proto tcp from > 10.0.0

Re: [squid-users] squid intercept config

2015-03-05 Thread Monah Baki
root@ISN-PHC-CACHE:/home/support # pfctl -s nat No ALTQ support in kernel ALTQ related functions disabled rdr pass inet proto tcp from 10.0.0.0/8 to any port = http -> 10.0.0.24 port 3129 On Thu, Mar 5, 2015 at 1:08 PM, Yuri Voinov wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Can

Re: [squid-users] squid intercept config

2015-03-05 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Can you run pfctl -s nat state on proxy box? 06.03.15 0:05, Monah Baki wrote: > Ok let me ask the client tomorrow to run telnet 10.0.0.24 80 from > a workstation > > Thanks for the help Yuri > > On Thu, Mar 5, 2015 at 1:02 PM, Yuri Voinov > wrote: >

Re: [squid-users] squid intercept config

2015-03-05 Thread Monah Baki
Ok let me ask the client tomorrow to run telnet 10.0.0.24 80 from a workstation Thanks for the help Yuri On Thu, Mar 5, 2015 at 1:02 PM, Yuri Voinov wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Sorry, I'm wrong. Netstat on host can't show redirected listeners. > > Need to check i

Re: [squid-users] squid intercept config

2015-03-05 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sorry, I'm wrong. Netstat on host can't show redirected listeners. Need to check it externally. 05.03.15 23:59, Monah Baki wrote: > On 10.0.0.24 > > root@ISN-PHC-CACHE:/home/support # netstat -an Active Internet > connections (including servers) Pro

Re: [squid-users] squid intercept config

2015-03-05 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Good. I don't see any 80 port listens. This is root of problem. PF does not work. 05.03.15 23:59, Monah Baki wrote: > On 10.0.0.24 > > root@ISN-PHC-CACHE:/home/support # netstat -an Active Internet > connections (including servers) Proto Recv-Q Se

Re: [squid-users] squid intercept config

2015-03-05 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - From your PC run telnet 10.0.0.24 80. You've seen if TCP socket opens. 05.03.15 23:10, Monah Baki wrote: > How can I confirm, I have access only to the BSD box > > Thanks > > On Thu, Mar 5, 2015 at 11:12 AM, Yuri Voinov > wrote: > > Does 80 port

Re: [squid-users] squid intercept config

2015-03-05 Thread Monah Baki
How can I confirm, I have access only to the BSD box Thanks On Thu, Mar 5, 2015 at 11:12 AM, Yuri Voinov wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Does 80 port outside BSD-box listens? > > 05.03.15 21:25, Monah Baki wrote: > > root@ISN-PHC-CACHE:/cache/squid/bin # tcpdump -n

Re: [squid-users] squid intercept config

2015-03-05 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Does 80 port outside BSD-box listens? 05.03.15 21:25, Monah Baki wrote: > root@ISN-PHC-CACHE:/cache/squid/bin # tcpdump -n -e -ttt -i pflog0 > tcpdump: WARNING: pflog0: no IPv4 address assigned tcpdump: verbose > output suppressed, use -v or -vv for

Re: [squid-users] squid intercept config

2015-03-05 Thread Monah Baki
root@ISN-PHC-CACHE:/cache/squid/bin # tcpdump -n -e -ttt -i pflog0 tcpdump: WARNING: pflog0: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 65535 bytes capability mode sandbo

Re: [squid-users] squid intercept config

2015-03-05 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hm. No. We not checked only OS. Does your BSD really loads PF module? 05.03.15 21:16, Monah Baki wrote: > Not sure why the client is running old hard/soft ware, could it be > cause of the hardware? Is FreeBSD an issue, should I switch to > linux? >

Re: [squid-users] squid intercept config

2015-03-05 Thread Monah Baki
Not sure why the client is running old hard/soft ware, could it be cause of the hardware? Is FreeBSD an issue, should I switch to linux? On Thu, Mar 5, 2015 at 10:14 AM, Yuri Voinov wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Wow, 7600! > > But why is so antique iOS?! Current is

Re: [squid-users] squid intercept config

2015-03-05 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wow, 7600! But why is so antique iOS?! Current is 15.4 05.03.15 21:09, Monah Baki wrote: > PORT STATE SERVICE VERSION 23/tcp open telnet Cisco IOS > telnetd MAC Address: 88:5A:92:63:77:81 (Cisco) Device type: router > Running: Cisco IOS 12.X OS

Re: [squid-users] squid intercept config

2015-03-05 Thread Monah Baki
PORT STATE SERVICE VERSION 23/tcp open telnet Cisco IOS telnetd MAC Address: 88:5A:92:63:77:81 (Cisco) Device type: router Running: Cisco IOS 12.X OS CPE: cpe:/h:cisco:7600_router cpe:/o:cisco:ios:12.2 OS details: Cisco 7600 router (IOS 12.2) Network Distance: 1 hop TCP Sequence Prediction: Dif

[squid-users] When i browse some webpage ( www.ifeng.com) via proxy ( squid.3.5.2) .There are some error info ( Content Encoding Error )

2015-03-05 Thread johnzeng
Hi all : When i browse some webpage ( www.ifeng.com) via proxy ( squid.3.5.2) , There are some error info from firefox browser . if possible , please give some advisement . --- Content Encoding Error The page you are trying to view cannot be sh

Re: [squid-users] squid intercept config

2015-03-05 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 10.0.0.23 is your host? And 10.0.0.24 is proxy box? 05.03.15 20:15, Monah Baki wrote: > '--prefix=/cache/squid' '--enable-follow-x-forwarded-for' > '--with-large-files' '--enable-ssl' '--disable-ipv6' > '--enable-esi' '--enable-kill-parent-hack' '--e

Re: [squid-users] squid intercept config

2015-03-05 Thread Monah Baki
'--prefix=/cache/squid' '--enable-follow-x-forwarded-for' '--with-large-files' '--enable-ssl' '--disable-ipv6' '--enable-esi' '--enable-kill-parent-hack' '--enable-snmp' '--with-pthreads' '--with-filedescriptors=65535' '--enable-cachemgr-hostname=hostname' '--enable-storeio=ufs,aufs,diskd,rock' '-

Re: [squid-users] squid intercept config

2015-03-05 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This looking good too. Stupid question: With which interception option squid built? I.e, squid -v? 05.03.15 18:19, Monah Baki wrote: > Hi all, can anyone verify if this is correct, need to make sure that > users will be able to access the internet

Re: [squid-users] squid intercept config

2015-03-05 Thread Monah Baki
Sure, here it is, very simple # # Recommended minimum configuration: # # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed acl localnet src 10.0.0.0/8# RFC1918 possible internal network acl localnet src

Re: [squid-users] squid intercept config

2015-03-05 Thread Monah Baki
In my squid.conf http_port 3128 http_port 3129 intercept Thanks On Thu, Mar 5, 2015 at 8:44 AM, Yuri Voinov wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Squid access denied? > > Look at this: > > In my /etc/pf.conf rdr pass inet proto tcp from 10.0.0.0/8 to any > >> port 80 ->

Re: [squid-users] squid intercept config

2015-03-05 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Looking good. Can I take look onto your squid.conf? Without comment lines and sensitive info? 05.03.15 19:51, Monah Baki wrote: > rdr pass inet proto tcp from 10.0.0.0/8 to any port 80 -> 10.0.0.24 > port 3129 > > # block in pass in log quick on bge

Re: [squid-users] squid intercept config

2015-03-05 Thread Monah Baki
rdr pass inet proto tcp from 10.0.0.0/8 to any port 80 -> 10.0.0.24 port 3129 # block in pass in log quick on bge0 pass out log quick on bge0 pass out keep state Thanks On Thu, Mar 5, 2015 at 8:50 AM, Yuri Voinov wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Show complete pf.co

Re: [squid-users] squid intercept config

2015-03-05 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Show complete pf.conf, please. 05.03.15 19:45, Monah Baki wrote: > In my squid.conf > > http_port 3128 http_port 3129 intercept > > Thanks > > On Thu, Mar 5, 2015 at 8:44 AM, Yuri Voinov > wrote: > > Squid access denied? > > Look at this: > > I

Re: [squid-users] squid intercept config

2015-03-05 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Squid access denied? Look at this: In my /etc/pf.conf rdr pass inet proto tcp from 10.0.0.0/8 to any >> port 80 -> 10.0.0.24 port 3129 Which port configured in Squid as intercept? 3129? and 3128 is forwarding? 05.03.15 19:36, monahb...@gmail.com

Re: [squid-users] squid intercept config

2015-03-05 Thread monahbaki
Yes that's what I followed and user is getting a "access denied" from the squid when he tries www.cnn.com Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.   Original Message   From: Yuri Voinov Sent: Thursday, March 5, 2015 8:22 AM To: squid-users@lists.squid-cache.or

Re: [squid-users] squid intercept config

2015-03-05 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 http://wiki.squid-cache.org/ConfigExamples/Intercept/Cisco2501PolicyRoute http://wiki.squid-cache.org/ConfigExamples/Intercept/FreeBsdPf 05.03.15 18:19, Monah Baki wrote: > Hi all, can anyone verify if this is correct, need to make sure that > users wi

Re: [squid-users] ssl_bump and SNI

2015-03-05 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Transparent interception in 3.5 still not completely supports SNI. Only in 3.4.x branch. And yes - you do it wrong in your config: http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit 05.03.15 17:53, Sergey Pronin wrote: > Hello guys

[squid-users] squid intercept config

2015-03-05 Thread Monah Baki
Hi all, can anyone verify if this is correct, need to make sure that users will be able to access the internet via the squid. Running FreeBSD with a single interface with Squid-3.5.2 Policy based routing on Cisco with the following: interface GigabitEthernet0/0/1.1 encapsulation dot1Q 1 native

[squid-users] ssl_bump and SNI

2015-03-05 Thread Sergey Pronin
Hello guys, I have a question about bumping and SNI. Is it supported now in squid 3.5? What do I have: Debian Linux squid 3.5.2 Config for SSL transparent interception is the following: https_port 10.10.115.7:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

Re: [squid-users] issue with tcp_outgoing_address and external acl

2015-03-05 Thread Amos Jeffries
On 5/03/2015 4:25 p.m., Alberto Perez wrote: > Hi and thanks to all members in this community for the great support. > > > I'm trying to send traffic for some users through a faster link using > tcp_outgoing_address, I found this directive very useful and suitable > for this need. > > I use a ca